Arbitrary Code Execution via Incorrect Access Control in Pulse Secure Pulse Connect Secure and Pulse Policy Secure

Arbitrary Code Execution via Incorrect Access Control in Pulse Secure Pulse Connect Secure and Pulse Policy Secure

CVE-2019-11509 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance.

Learn more about our Web App Pen Testing.